I can't get *OFF* my VPN anymore…:-)
-
2.2.6, still problems.
FW rules, on top of the screen of course:
1. 192.168.2.40 goes to geenstijl.nl -> use gateway PIA VPN.
2. System/advanced: skip rules when gateway is down: checked.
3. Disable PIA VPN: 2.40 happily goes to geenstijl.nl. The opposite is also true: all kinds of sites that are NOT in an alias to catch it via policy routing, simply go via the VPN they should not go through.
route-nopull was added 18 months ago.
It still seems pfsense is randomly deciding whether or not it will send traffic via the VPN; sometimes it sends traffic it shouldn't send, and vice versa.
-
Created new screen shots.
I'm sure it is not a bug, but if somebody can explain to me why the top 1 rule in FW is not followed, I'd be obliged.
-
Have you enabled logging for each of the rules with a meaningful description so you can diagnose?
There can be several reasons why imo.
The route no-pull is not working. The syntax for that command can be variable so try with the space rather than hyphen.
Also whether you are double NATing somehow. I had a replay situation at one point which meant the packets went through the firewall twice with unexpected results. The logging will diagnose that. My state table was in the thousands also.
Also whether your netmasks are correct. You might intend one host but by /24 masking it you may let the whole subnet through etc. Just do an audit of your netmasks for any mismatches.
Finally that you have ipv4/v6 attention and protocols set correctly.
-
I can't be bothered to read a zillion lines of text.
- assign an interface to ovpn if you haven't already.
- activate route-no-pull checkbox. If the checkbox is not there due to the ancient release you are running: enter it in adv field.
If 1&2 don't help then post a screenshot of the routing table.
Have fun. ;)